'Michael Alan Dorman wrote:' > >> /usr/lib/apache is my choice for serverroot. Where the documents go >> is site-specific. I'd like to also include an option to chroot httpd >> to /usr/local/http or somesuch. Can dpkg install a package under some >> arbitrary directory? If so then the preinst script might be able to get >> everything into /usr/local/http and run httpd under chroot (for the >> security paranoid). > >Uh, why would you want to chroot the httpd? Wouldn't that cause mondo >problems, especially if we try and get it to do stuff like dynaloading >modules, etc.? > For extra security. Like any chroot environment, you need to copy all the shared libs into $chroot. But if a complete list were determined, it could be done in the postinst. Net Access is currently running apache in a chroot environment for extra security. I think it would be nice to add this feature (My only problem is I'm not sure dpkg can handle it - Ian?).
-- Christopher J. Fearnley | UNIX SIG Leader at PACS [EMAIL PROTECTED] (finger me!) | (Philadelphia Area Computer Society) [EMAIL PROTECTED] | Design Science Revolutionary http://www.netaxs.com/~cjf | Explorer in Universe "Dare to be Naive" -- Bucky Fuller | Linux Advocate
